pop ups, search bar (mirar) broadband very slow



#1
el__Burro

el__Burro

    Member

  • Member
  • PipPip
  • 40 posts
Hi, since I started my broadband service I have been receiving many pop-ups; a search bar from MIRAR appears on my address bar, and the home page is about:blank.

There is also a RUNDLL32 cmq.exe error message (I'll post new details soon) that appears as soon as I start the computer.
It also affects the HJT.

Logfile of HijackThis v1.99.1
Scan saved at 10:55:26, on 15/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winscntrl.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\BENQMA~1\QtEiBenQ.EXE
C:\Program Files\O2Micro\SuperDJ\o2mdj.exe
C:\Program Files\BenQ\QMusic\QMAgent.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\logon.exe
C:\WINDOWS\System32\scvhost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\mousepad2.exe
C:\Documents and Settings\Mario&Josette\My Documents\Pictures\Josette\Anti-virus programs\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.benq.com/
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\System32\awtss.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QtEiBenQ] C:\PROGRA~1\BENQMA~1\QtEiBenQ.EXE
O4 - HKLM\..\Run: [o2cd] C:\Program Files\O2Micro\SuperDJ\o2mdj.exe
O4 - HKLM\..\Run: [QMusic] "C:\Program Files\BenQ\QMusic\QMAgent.exe"
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [Microsoft Command C] winhost32.exe
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Command C] winhost32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\System32\DrvMon.exe
O4 - HKCU\..\Run: [crytxp] C:\WINDOWS\System32\crytxp.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000141.exe
O4 - HKCU\..\Run: [Saer] "C:\Program Files\tner\baet.exe" -vt yazb
O4 - HKCU\..\Run: [avistd] C:\WINDOWS\System32\avistd.exe
O4 - HKCU\..\Run: [Lfrwsh] C:\WINDOWS\s?stem32\rundll32.exe
O4 - HKCU\..\Run: [Microsoft Command C] winhost32.exe
O4 - HKCU\..\RunServices: [Microsoft Command C] winhost32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.c..._1/yregucfg.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co....cab?10,0,910,0
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...RdxIE601_it.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awtss - C:\WINDOWS\SYSTEM32\awtss.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Many thanks
  • 0



#2
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hello and welcome el__Burro

Could you run through the steps in this Topic, please?

Post back a fresh HJT log when done please
  • 0

#3
el__Burro

el__Burro

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Hi, done as you suggested.


Logfile of HijackThis v1.99.1
Scan saved at 23:02:33, on 15/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winscntrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\BENQMA~1\QtEiBenQ.EXE
C:\Program Files\O2Micro\SuperDJ\o2mdj.exe
C:\Program Files\BenQ\QMusic\QMAgent.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Documents and Settings\Mario&Josette\My Documents\Pictures\Josette\Anti-virus programs\HijackThis.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.benq.com/
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\System32\awtss.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QtEiBenQ] C:\PROGRA~1\BENQMA~1\QtEiBenQ.EXE
O4 - HKLM\..\Run: [o2cd] C:\Program Files\O2Micro\SuperDJ\o2mdj.exe
O4 - HKLM\..\Run: [QMusic] "C:\Program Files\BenQ\QMusic\QMAgent.exe"
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [Microsoft Command C] winhost32.exe
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Command C] winhost32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\System32\DrvMon.exe
O4 - HKCU\..\Run: [crytxp] C:\WINDOWS\System32\crytxp.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000141.exe
O4 - HKCU\..\Run: [Saer] "C:\Program Files\tner\baet.exe" -vt yazb
O4 - HKCU\..\Run: [avistd] C:\WINDOWS\System32\avistd.exe
O4 - HKCU\..\Run: [Lfrwsh] C:\WINDOWS\s?stem32\rundll32.exe
O4 - HKCU\..\Run: [Microsoft Command C] winhost32.exe
O4 - HKCU\..\RunServices: [Microsoft Command C] winhost32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.c..._1/yregucfg.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co....cab?10,0,910,0
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...RdxIE601_it.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52994B03-1651-4E02-921A-36DB03AB21F8}: NameServer = 213.1.119.99 213.1.119.100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awtss - C:\WINDOWS\SYSTEM32\awtss.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Thanks
  • 0

#4
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
OK, I was expecting to see more of that go away, but we will keep at it.

Let's move on to the next one here.

Download VirtumundoBegone and save it to your desktop.

VirtumundoBegone

Next
Reboot to safe mode.

Then double click VirtumundoBeGone.exe you just downloaded and follow the instructions.

Exit when it has finished


Post back a fresh HJT log for me please
  • 0

#5
el__Burro

el__Burro

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Here is my last HJT


Logfile of HijackThis v1.99.1
Scan saved at 13:49:03, on 16/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winscntrl.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Documents and Settings\Mario&Josette\My Documents\Pictures\Josette\Anti-virus programs\HijackThis.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\BENQMA~1\QtEiBenQ.EXE
C:\Program Files\O2Micro\SuperDJ\o2mdj.exe
C:\Program Files\BenQ\QMusic\QMAgent.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.benq.com/
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QtEiBenQ] C:\PROGRA~1\BENQMA~1\QtEiBenQ.EXE
O4 - HKLM\..\Run: [o2cd] C:\Program Files\O2Micro\SuperDJ\o2mdj.exe
O4 - HKLM\..\Run: [QMusic] "C:\Program Files\BenQ\QMusic\QMAgent.exe"
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [Microsoft Command C] winhost32.exe
O4 - HKLM\..\RunServices: [Microsoft Command C] winhost32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [crytxp] C:\WINDOWS\System32\crytxp.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000141.exe
O4 - HKCU\..\Run: [Saer] "C:\Program Files\tner\baet.exe" -vt yazb
O4 - HKCU\..\Run: [avistd] C:\WINDOWS\System32\avistd.exe
O4 - HKCU\..\Run: [Lfrwsh] C:\WINDOWS\s?stem32\rundll32.exe
O4 - HKCU\..\Run: [Microsoft Command C] winhost32.exe
O4 - HKCU\..\RunServices: [Microsoft Command C] winhost32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.c..._1/yregucfg.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co....cab?10,0,910,0
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...RdxIE601_it.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Thanks
  • 0

#6
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Please disable Microsoft AntiSpyware.

Next
Please restart HJT, put a check next to the following, close all open windows and click “Fix Checked”:

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [Microsoft Command C] winhost32.exe
O4 - HKLM\..\RunServices: [Microsoft Command C] winhost32.exe
O4 - HKCU\..\Run: [crytxp] C:\WINDOWS\System32\crytxp.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000141.exe
O4 - HKCU\..\Run: [Saer] "C:\Program Files\tner\baet.exe" -vt yazb
O4 - HKCU\..\Run: [avistd] C:\WINDOWS\System32\avistd.exe
O4 - HKCU\..\Run: [Lfrwsh] C:\WINDOWS\s?stem32\rundll32.exe
O4 - HKCU\..\Run: [Microsoft Command C] winhost32.exe
O4 - HKCU\..\RunServices: [Microsoft Command C] winhost32.exe
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab





Next, reboot into SAFE MODE. Make sure you can view all hidden files/folders, then search for and delete the files highlighted in bold and the folders I have highlighted in blue:

C:\Program Files\E2G
C:\WINDOWS\System32\WinNB57.dll
C:\PROGRA~1\TOOLBA~1
C:\Program Files\Toolbar888
C:\Program Files\tner
C:\WINDOWS\System32\avistd.exe

Restart your computer and post back a fresh log please.
  • 0
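The posts above show the expert picking entries out of the log by eye: a bare `scvhost.exe` one letter-swap away from the real `svchost.exe`, a directory rendered as `s?stem32`, executables at the drive root with a doubled separator, entries in the Windows 9x-era RunServices key, an `iexplore.exe` living in System32, and a service with no owner whose file has gone. The script below is an added example, not code from this thread, from Geeks to Go or from the HijackThis project: it parses the O4 and O23 lines of an HJT v1.99 log and flags those same indicators for review. The expected-directory table, the edit-distance threshold and the wording of the reasons are my assumptions; the sample log is constructed from lines that appear in this thread plus two benign entries for contrast.

```python
"""Triage autorun (O4) and service (O23) lines from a HijackThis log.

Heuristics only: a flagged entry is something to look at, not a verdict.
"""
import re

# Constructed sample: lines copied from the thread's logs, plus benign
# entries (SynTPEnh, ctfmon, ewido) that the heuristics should leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\RunServices: [Microsoft Command C] winhost32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Lfrwsh] C:\WINDOWS\s?stem32\rundll32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Assumed table of where Windows XP really keeps these binaries (lower-case).
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}


def edit_distance(a, b):
    """Levenshtein distance; used to spot near-miss spellings of system binaries."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_from_command(cmd):
    """Pull the image path out of a Run value: quoted, or up to the first .exe token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(?i)(.+?\.exe)(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def split_path(path):
    """Return (directory, basename) lower-cased, with doubled separators collapsed."""
    norm = re.sub(r"\\+", r"\\", path.lower())
    directory, _, base = norm.rpartition("\\")
    return directory, base


def check_run_entry(hive, key, name, cmd):
    reasons = []
    exe = exe_from_command(cmd)
    directory, base = split_path(exe)
    if key.lower().startswith("runservices"):
        reasons.append("RunServices is a Windows 9x-era autostart key; populated on XP it is itself a red flag")
    if not directory:
        reasons.append("bare filename, located through the search path; compare with the running-process list")
    elif re.fullmatch(r"[a-z]:", directory):
        reasons.append("executable sits in the drive root")
    if "\\\\" in exe:
        reasons.append("doubled path separator in the registry value")
    if re.search(r'[?*<>|"]', exe) or not exe.isascii():
        reasons.append("path contains a character Windows does not allow; HJT shows unrenderable characters as '?' (look-alike directory name)")
    expected = EXPECTED_DIR.get(base)
    if expected and directory != expected:
        reasons.append(f"{base} normally lives in {expected}, not {directory or '(search path)'}")
    elif base not in EXPECTED_DIR and any(edit_distance(base, k) <= 2 for k in EXPECTED_DIR):
        reasons.append(f"{base} is a near-miss spelling of a Windows system binary")
    if re.search(r"microsoft|windows", name, re.I) and not directory.startswith(("c:\\windows", "c:\\program files")):
        reasons.append("Microsoft/Windows-sounding label but the image is not under a system or Program Files directory")
    return reasons


def check_service_entry(name, owner, path):
    reasons = []
    if owner.lower() == "unknown owner":
        reasons.append("service binary carries no publisher")
    if path.endswith("(file missing)"):
        reasons.append("service is still registered but its binary is gone")
    return reasons


def triage(log_text):
    """Return {entry label: [reasons]} for every O4/O23 line that trips a heuristic."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        if (m := O4_RE.match(line)):
            label = f'{m["hive"]}\\..\\{m["key"]}: [{m["name"]}]'
            reasons = check_run_entry(m["hive"], m["key"], m["name"], m["cmd"])
        elif (m := O23_RE.match(line)):
            label = f'O23: {m["name"]}'
            reasons = check_service_entry(m["name"], m["owner"], m["path"])
        else:
            continue  # Global Startup, R0/R1, O2/O3 etc. are out of scope here
        if reasons:
            findings[label] = reasons
    return findings


if __name__ == "__main__":
    for label, reasons in triage(SAMPLE_LOG).items():
        print(label)
        for r in reasons:
            print("   -", r)
```

Run it against a saved HJT log by passing the file's text to `triage()`; on the sample it leaves the Synaptics, ctfmon and ewido lines alone and flags the six entries the expert asked the poster to fix or delete. The location check deliberately treats a known name in the wrong directory as the stronger signal, and only falls back to the edit-distance check for names that are not in the table, so that the genuine `iexplore.exe` is never reported as a misspelling of `explorer.exe`.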

#7
el__Burro

el__Burro

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Much better already, but when I connect using broadband it stops responding
and I need to RESET it.

HERE is my latest HJT

Logfile of HijackThis v1.99.1
Scan saved at 18:02:22, on 17/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winscntrl.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\BENQMA~1\QtEiBenQ.EXE
C:\Program Files\O2Micro\SuperDJ\o2mdj.exe
C:\Program Files\BenQ\QMusic\QMAgent.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\scvhost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mario&Josette\My Documents\Pictures\Josette\Anti-virus programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.benq.com/
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QtEiBenQ] C:\PROGRA~1\BENQMA~1\QtEiBenQ.EXE
O4 - HKLM\..\Run: [o2cd] C:\Program Files\O2Micro\SuperDJ\o2mdj.exe
O4 - HKLM\..\Run: [QMusic] "C:\Program Files\BenQ\QMusic\QMAgent.exe"
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\RunServices: [Microsoft Command C] winhost32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.c..._1/yregucfg.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Thanks
  • 0

#8
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Still a bit more to do.

Make sure you disable Microsoft AntiSpyware again please.

Please restart HJT, put a check next to the following, close all open windows and click “Fix Checked”:

O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKCU\..\RunServices: [Microsoft Command C] winhost32.exe


Close out HJT
  • Download Pocket Killbox from here.
  • Paste the full file path C:\WINDOWS\System32\scvhost.exe in the box and click on Delete on Reboot.
  • Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?"
  • Click "Yes"
  • Let the system reboot

Post back a fresh HJT log when done please
  • 0

#9
el__Burro

el__Burro

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Hi, still very SLOW and all programs stop RESPONDING after a little while.




Logfile of HijackThis v1.99.1
Scan saved at 13:30:43, on 18/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winscntrl.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\BENQMA~1\QtEiBenQ.EXE
C:\Program Files\O2Micro\SuperDJ\o2mdj.exe
C:\Program Files\BenQ\QMusic\QMAgent.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Mario&Josette\My Documents\Pictures\Josette\Anti-virus programs\HijackThis.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.benq.com/
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QtEiBenQ] C:\PROGRA~1\BENQMA~1\QtEiBenQ.EXE
O4 - HKLM\..\Run: [o2cd] C:\Program Files\O2Micro\SuperDJ\o2mdj.exe
O4 - HKLM\..\Run: [QMusic] "C:\Program Files\BenQ\QMusic\QMAgent.exe"
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.c..._1/yregucfg.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
#10 don77 (Malware Expert, Retired Staff, 18,526 posts)
Let's clean up your temp folders.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Next

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

#11 el__Burro (Member, Topic Starter, 40 posts)
Here it is... over 145 viruses.
Here is the report:


Incident Status Location

Virus:W32/Parite.B Not disinfected Operating system
Adware:adware/popuper Not disinfected C:\WINDOWS\SYSTEM32\hhk.dll
Adware:adware/virmaid Not disinfected C:\WINDOWS\SYSTEM32\perfcii.ini
Adware:adware program Not disinfected C:\WINDOWS\SYSTEM32\data.~
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\teller2.chk
Spyware:spyware/media-motor Not disinfected C:\WINDOWS\ubber60.ini
Adware:adware/dyfuca Not disinfected C:\WINDOWS\optimize.exe
Adware:adware/savenow Not disinfected C:\PROGRAM FILES\VVSN
Adware:adware/whenusearch Not disinfected C:\PROGRAM FILES\COMMON FILES\WhenU
Adware:adware/maxifiles Not disinfected C:\PROGRAM FILES\COMMON FILES\InetGet
Adware:adware/e2give Not disinfected Windows Registry
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mario&Josette\Cookies\mario&josette@doubleclick[1].txt
Virus:W32/Parite.B Not disinfected C:\I386\EXPAND.EXE
Virus:W32/Parite.B Not disinfected C:\I386\NETSETUP.EXE
Virus:W32/Parite.B Not disinfected C:\I386\NTSD.EXE
Virus:W32/Parite.B Not disinfected C:\I386\REGEDIT.EXE
Virus:W32/Parite.B Not disinfected C:\I386\SYSPARSE.EXE
Virus:W32/Parite.B Not disinfected C:\I386\TELNET.EXE
Virus:W32/Parite.B Not disinfected C:\I386\WINNT32.EXE
Virus:W32/Parite.B Not disinfected C:\I386\DRW\DWWIN.EXE
Virus:W32/Parite.B Not disinfected C:\unzipped\asteroids_win\Neave Asteroids.exe
Virus:W32/Parite.B Not disinfected C:\unzipped\pacman_win\Neave Pac-Man.exe
Virus:W32/Parite.B Not disinfected C:\unzipped\invaders_win\Neave Space Invaders.exe
Virus:W32/Parite.B Not disinfected C:\unzipped\tetris_win\Neave Tetris.exe
Virus:W32/Parite.B Not disinfected C:\unzipped\sc\ScreenCatch.exe
Virus:W32/Parite.B Not disinfected C:\unzipped\renne1\Elch.exe
Virus:W32/Parite.B Not disinfected C:\unzipped\hoster\Hoster\Hoster.exe
Virus:W32/Parite.B Not disinfected C:\unzipped\divx_3.11alpha\DivX_311alpha\Register_DivX.exe
Virus:W32/Parite.B Not disinfected C:\unzipped\divx_3.11alpha\DivX_311alpha\SetStereo.exe
Virus:W32/Parite.B Not disinfected C:\unzipped\bfu\BFU.exe
Virus:W32/Parite.B Not disinfected C:\Kaspersky\Getvlist.exe
Virus:W32/Parite.B Not disinfected C:\Kaspersky\kavss.exe
Virus:W32/Parite.B Not disinfected C:\Kaspersky\kavupd.exe
Virus:W32/Parite.B Not disinfected C:\BFU\BFU.exe
Virus:W32/Parite.B Not disinfected C:\Scaricamenti\RealPlayer10-5GOLD_it.exe
Virus:W32/Parite.B Not disinfected C:\Scaricamenti\ihp_Kitchen.exe
Virus:W32/Parite.B Not disinfected C:\Scaricamenti\LimeWireWin.exe
Virus:W32/Parite.B Not disinfected C:\smart.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IZ43YZ83\drsmartload[1].exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\drivers\Install.EXE
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\oobe\oobebaln.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\usmt\migload.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\usmt\migwiz.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\spoolsv.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\notepad.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\cidaemon.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\cisvc.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\cliconfg.exe
Virus:Trj/Agent.BMS Not disinfected C:\WINDOWS\system32\ljjgh.dll
Virus:Trj/Agent.BMS Not disinfected C:\WINDOWS\system32\vtusq.dll
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\expand.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\ntsd.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\pathping.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\migpwd.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\uwdf.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\clspack.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\netsetup.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\jdbgmgr.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\jview.exe
Virus:Trj/Agent.BMS Not disinfected C:\WINDOWS\system32\awtss.dll.vir
Virus:W32/Sdbot.FPO.worm Not disinfected C:\WINDOWS\system32\eraseme_27475.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\telnet.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\wjview.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\ptuninst.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\nvsvc32.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\dmcpl.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\nwiz.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\Com\comrepl.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\unam4ie.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\scplayer.exe
Adware:Adware/Puper Not disinfected C:\WINDOWS\system32\hhk.dll
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\Utility\UnLAN.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\Utility\detectID.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\Utility\INSTALL.EXE
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\UnLAN.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\remove.exe
Virus:Trj/Lowzones.IU Not disinfected C:\WINDOWS\system32\LogFiles\A5051800.so
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\wuauclt1.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\addfilter.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\dxdllreg.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\Ulead Photo Explorer.scr
Virus:Trj/Agent.BMS Not disinfected C:\WINDOWS\system32\khffe.dll
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\java.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\javaw.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\javaws.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\logon.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\lgwbuye.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\nenzj.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\spooIsv.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\pmsdwikt.exe
Virus:W32/Sdbot.ftp Not disinfected C:\WINDOWS\system32\i
Virus:W32/Sdbot.GUI.worm Not disinfected C:\WINDOWS\system32\winscntrl.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\uwmhmp.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\bgeydinx.exe
Virus:Bck/Sdbot.GNG Not disinfected C:\WINDOWS\system32\nmafamvs.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\voea.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\iexplore.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Temp\vta1.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Temp\pua2.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Temp\xva3.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Temp\ujaB.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Temp\jja1.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Temp\ska2.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Temp\cka3.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Temp\zja97.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Temp\wka1.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Temp\qla2.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Temp\wla3.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Temp\qla1.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Temp\mla2.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Temp\ima3.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Temp\fla20D.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\regedit.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\OLD28.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\OLD2B.tmp
Virus:W32/Parite.B Not disinfected C:\WINDOWS\UNINST32.EXE
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\tok\smart.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\RUNONCEW.EXE
Virus:W32/Parite.B Not disinfected C:\WINDOWS\Joybook.scr
Virus:W32/Parite.B Not disinfected C:\WINDOWS\cn.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\OLD2E.tmp
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\s?stem32\rundll32.exe
Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS\eltpower.exe
Virus:Trj/Lowzones.OL Not disinfected C:\WINDOWS\spool\index1.exe
Virus:Trj/Agent.BMS Not disinfected C:\WINDOWS\spool\is940.exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\spool\mc-110-12-0000141.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\spool\newdr.exe
Virus:Trj/Multidropper.BFL Not disinfected C:\WINDOWS\spool\run.bat
Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\spool\YazzleBundle-1125.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\pi1_34.exe
Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS\surv3.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\876057.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\876029.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\eeedo.exe
Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS\eee2.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\optimize.exe
Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS\unstall.exe
Virus:Trj/LowZones.QP Not disinfected C:\WINDOWS\cm\index.exe
Virus:Trj/Lowzones.OL Not disinfected C:\WINDOWS\cm\index1.exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\cm\mc-110-12-0000141.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\cm\newdr.exe
Virus:Trj/Multidropper.BFL Not disinfected C:\WINDOWS\cm\run.bat
Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\cm\YazzleBundle-1125.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\alcrmv.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\alcupd.exe
Adware:Adware/Pop64 Not disinfected C:\WINDOWS\elitemediapop.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\winhost32.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\LastGood\regedit.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\uninst.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\IsUninst.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\SOUNDMAN.EXE
Virus:W32/Parite.B Not disinfected C:\WINDOWS\iun6002.exe
Virus:Trj/Perda.C Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[1].exe
Virus:Trj/Perda.C Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[2].exe
Virus:Trj/Perda.C Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[3].exe
Virus:Trj/Perda.C Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[4].exe
Virus:Trj/Perda.C Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[5].exe
Virus:Trj/Perda.C Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[6].exe
Virus:Trj/Perda.C Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[7].exe
Virus:Trj/Perda.C Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[8].exe
Virus:Trj/Perda.C Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[9].exe
Virus:Trj/Perda.C Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[10].exe
Virus:Trj/Perda.C Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[11].exe
Virus:Trj/Perda.C Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[12].exe
Virus:Trj/Perda.C Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[13].exe
Virus:Trj/Perda.C Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[14].exe
Possible Virus. Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[15].exe
#12 don77 (Malware Expert, Retired Staff, 18,526 posts)
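Added example (written for this edit; it is not part of the thread and not Panda's own tooling): a small Python parser for the ActiveScan report format above. It groups incidents by detection name and sorts each location into a rough bucket, because the list is not 145 independent infections. W32/Parite is a file infector that appends itself to existing .exe and .scr files, so the hits on spoolsv.exe, regedit.exe, nvsvc32.exe and SOUNDMAN.EXE are the machine's own binaries carrying the infection (deleting them breaks Windows; they need disinfecting or replacing), and the hits under C:\I386 mean the setup source that sfc /scannow commonly falls back to is infected as well. The embedded sample is nine lines copied from the report above; the bucket names and the file-infector set are this example's own choices.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: nine lines copied from the ActiveScan report posted above
# (the real report has well over a hundred).
SAMPLE_REPORT = r"""
Incident Status Location

Virus:W32/Parite.B Not disinfected Operating system
Adware:adware/popuper Not disinfected C:\WINDOWS\SYSTEM32\hhk.dll
Virus:W32/Parite.B Not disinfected C:\I386\REGEDIT.EXE
Virus:W32/Parite.B Not disinfected C:\WINDOWS\system32\spoolsv.exe
Virus:W32/Parite.B Not disinfected C:\WINDOWS\regedit.exe
Virus:W32/Sdbot.GUI.worm Not disinfected C:\WINDOWS\system32\winscntrl.exe
Virus:Trj/Perda.C Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[1].exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\s?stem32\rundll32.exe
Possible Virus. Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDAJS12B\sysdat[15].exe
"""

# One incident per line: "<Category>:<Name> <Status> <Location>".  The status
# column is the only fixed vocabulary, so split on it rather than on whitespace.
INCIDENT_RE = re.compile(
    r"^(?P<detection>.+?)\s+(?P<status>Not disinfected|Disinfected|Deleted)\s+(?P<location>.+)$"
)

# Families that infect existing executables instead of dropping new files
# (this example's own set). W32/Parite appends itself to .exe and .scr files.
FILE_INFECTORS = {"W32/Parite.B"}


def classify(location):
    """Bucket a reported location (bucket names are this example's own)."""
    loc = location.lower()
    if "\\" not in loc:                      # "Operating system", "Windows Registry"
        return "memory-or-registry"
    if loc.startswith("c:\\i386\\"):         # setup source copies, an sfc fallback
        return "install-source"
    if "temporary internet files" in loc or "\\temp\\" in loc:
        return "cache-or-temp"
    if "?" in loc:                           # a character the scanner could not print:
        return "odd-path"                    # not the real system32 directory
    if loc.startswith("c:\\windows\\"):
        return "windows-tree"
    return "other"


def parse_report(text):
    incidents = []
    for line in text.splitlines():
        m = INCIDENT_RE.match(line.strip())
        if not m:                            # header and blank lines
            continue
        detection = m["detection"]
        if ":" in detection:
            category, name = detection.split(":", 1)
        else:                                # "Possible Virus." carries no name
            category, name = detection.rstrip("."), ""
        incidents.append({
            "category": category, "name": name, "status": m["status"],
            "location": m["location"], "kind": classify(m["location"]),
        })
    return incidents


def summarize(incidents):
    """Counts per detection name, and incidents grouped per location bucket."""
    by_name = Counter(i["name"] or i["category"] for i in incidents)
    by_kind = defaultdict(list)
    for i in incidents:
        by_kind[i["kind"]].append(i)
    return by_name, by_kind


def infected_system_binaries(incidents):
    """Windows' own executables carrying a file infector: disinfect or replace
    from clean media; deleting them leaves a system that no longer boots."""
    return sorted(
        i["location"] for i in incidents
        if i["name"] in FILE_INFECTORS and i["kind"] in ("windows-tree", "install-source")
    )


def sfc_source_compromised(incidents):
    """True when the I386 setup source itself holds file-infector hits."""
    return any(i["kind"] == "install-source" and i["name"] in FILE_INFECTORS
               for i in incidents)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    names, kinds = summarize(found)
    for name, n in names.most_common():
        print(f"{n:4d}  {name}")
    for kind, items in kinds.items():
        print(f"{kind}: {len(items)}")
    print("infected system binaries:", *infected_system_binaries(found), sep="\n  ")
    print("sfc source compromised:", sfc_source_compromised(found))
```

Run it against the full report and the "windows-tree" and "install-source" buckets tell you which files a delete-everything cleaner must not touch; everything in "cache-or-temp" can simply go.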
Let's run ewido; it should clean a good bit of those, and then we will have another look at it.

Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Reboot to safe mode (see here if you are unsure how to -> SAFE MODE)
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.


Reboot back to normal mode and post back the ewido report.txt for me please.
#13 el__Burro (Member, Topic Starter, 40 posts)
Hi, unfortunately I have an old version (expired) of EWIDO.
I double-click to open the program, but it tells me "database could not be found, please run an online UPDATE".

I've followed the link to Manual Update but nothing...
the program opens for a second only.

Thanks
#14 don77 (Malware Expert, Retired Staff, 18,526 posts)
OK, let's go a different route.

Go to Start > Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the below services:

Hardware Clock Driver (hwclock)

When you find it, double-click on it. In the next window that opens, under the General tab click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.

Open HiJackThis, click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service" a window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

hwclock

Click OK.

It should pull up information about the service, then ask if you want to reboot. Click YES.

After it reboots

Next
Please download WebRoot SpySweeper from here:
http://www.webroot.c...6d6f87b866d2848
(It's a 2 week trial)

Click the "Free Trial" link on the right - next to "SpySweeper for Home Computers".
On the next page, click the "Free Trial" button.
Download it and install it.
When you open the program, it will prompt you to update to the latest definitions.
Please do so, then click "Sweep Now"
Then click the "Start" button.
When it's done scanning, click the "Next" button.
Remove everything it finds, then save the log - copy the log and paste it here for me.


Along with a fresh HJT log
#15 el__Burro (Member, Topic Starter, 40 posts)
NO way...

I've already used my free version of this program.

I've already deleted services.msc... it was already stopped.

Any other way?

Many thanks

PS
Just in case, here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 23:28:13, on 18/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winscntrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\BENQMA~1\QtEiBenQ.EXE
C:\Program Files\O2Micro\SuperDJ\o2mdj.exe
C:\Program Files\BenQ\QMusic\QMAgent.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\csrssv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Mario&Josette\My Documents\Pictures\Josette\Anti-virus programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.benq.com/
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QtEiBenQ] C:\PROGRA~1\BENQMA~1\QtEiBenQ.EXE
O4 - HKLM\..\Run: [o2cd] C:\Program Files\O2Micro\SuperDJ\o2mdj.exe
O4 - HKLM\..\Run: [QMusic] "C:\Program Files\BenQ\QMusic\QMAgent.exe"
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.c..._1/yregucfg.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52994B03-1651-4E02-921A-36DB03AB21F8}: NameServer = 83.146.21.5 212.158.248.6
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
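Added example (not part of the thread and not HijackThis code): a Python triage script that applies a few mechanical checks to an HJT log like the one above. It flags a running process or Run-key target whose name is one edit away from a core Windows process name (csrssv.exe against csrss.exe here; the Panda report earlier in the thread also lists spooIsv.exe, with a capital I where spoolsv.exe has an l); Run entries that are a bare filename with no path, which Windows resolves through the search path, so you have to check which file actually runs; any entry under the RunServices key, a Windows 9x/Me key that NT-based Windows does not process and that legitimate XP software has no reason to write to; O23 services with an unknown owner or a missing file, which is what the "Delete an NT Service" step above removes; and O17 NameServer entries, which should be compared with the ISP's real DNS servers. Each flag is something to verify, not a verdict. The sample lines are copied from the log above; the core-process list, the edit-distance threshold and the rule names are the example's own.

```python
import re

# Constructed sample: lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\winscntrl.exe
C:\WINDOWS\System32\csrssv.exe
C:\Program Files\Skype\Phone\Skype.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O17 - HKLM\System\CCS\Services\Tcpip\..\{52994B03-1651-4E02-921A-36DB03AB21F8}: NameServer = 83.146.21.5 212.158.248.6
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Core Windows XP process names that malware likes to imitate (this example's own list).
CORE_PROCESSES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "rundll32.exe",
}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def osa_distance(a, b):
    """Optimal string alignment distance: Levenshtein plus adjacent
    transpositions, so scvhost.exe is one edit away from svchost.exe."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike_of(filename):
    """Core process name this file name imitates (one edit away), or None."""
    n = filename.lower()
    if n in CORE_PROCESSES:                  # the genuine binary is not a look-alike
        return None
    return next((c for c in sorted(CORE_PROCESSES) if osa_distance(n, c) <= 1), None)


def basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def executable_of(cmd):
    """Executable part of a Run-key command line, quoted or not."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage(log_text):
    """Return (rule, detail) pairs; each is something to verify, not a verdict."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            core = lookalike_of(basename(line))
            if core:
                findings.append(("process-lookalike", f"{line} resembles {core}"))
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m["cmd"])
            if "\\" not in exe:              # resolved through the search path
                findings.append(("bare-filename", line))
            if m["key"].lower().startswith("runservices"):  # Win9x key, unused on XP
                findings.append(("runservices-key", line))
            core = lookalike_of(basename(exe))
            if core:
                findings.append(("process-lookalike", f"{line} resembles {core}"))
            continue
        m = O23_RE.match(line)
        if m and ("(file missing)" in m["path"] or m["owner"] == "Unknown owner"):
            findings.append(("unverified-service", line))
            continue
        m = O17_RE.match(line)
        if m:                                # compare with the ISP's real resolvers
            findings.append(("dns-servers", m["servers"]))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Vendor entries such as pctspk.exe and SOUNDMAN.EXE are also bare filenames, which is why the bare-filename rule is a prompt to look at the file on disk (where it lives, who signed it), not a removal list; the look-alike and RunServices rules are the ones that rarely have an innocent explanation.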